<?php
@include("connect.php");

$obj = [];

$username = $_POST["username"];
$oldPwd = $_POST["oldpwd"];
$confirmPwd = $_POST["confirmpwd"];


// $username = 'AAAZZ';
// $oldPwd = '123123';
// $confirmPwd = '123456';


if ($username && $oldPwd) {
    $sql = "select * from user where password = '$oldPwd'  and username = '$username' ";
    $res = mysqli_query($conn, $sql);
    $arr = mysqli_fetch_array($res);

    if ($arr) {
        $obj["status"] = true;
        $obj["msg"] = "与原密码匹配";

        if ($username && $confirmPwd) {
            $sql = "UPDATE user set password = '$confirmPwd'  where username = '$username'";
            mysqli_query($conn, $sql);
            $rows = mysqli_affected_rows($conn);
            if ($rows > 0) {
                $obj["status"] = true;
                $obj["msg"] = "密码修改成功";
            } else {
                $obj["status"] = false;
                $obj["msg"] = "密码修改失败";
            }
        }
    } else {
        $obj["status"] = false;
        $obj["msg"] = "密码不匹配";
    }
} else {
    $obj["status"] = false;
    $obj["msg"] = "前端数据错误";
}




echo (json_encode($obj, JSON_UNESCAPED_UNICODE));
